CyberInsecure.com

Archive for the ‘Hacked’ Category

US Army CECOM Website Breached, 30 Record Sets With User IDs, Clear-text Passwords, Private Data Posted On Pastebin

Thursday, March 22nd, 2012

Black Jester, the hacker who yesterday demonstrated that he managed to gain unauthorized access to a NASA site, leaked sensitive contract information from a site connected to the US Army Communications and Electronics Command (CECOM).

Thirty record sets that include names, user IDs, physical addresses, email addresses, telephone numbers, and clear-text passwords were published in a Pastebin document.

“Old crappy server, but has good info inside it. The list is not complete due the lazy condition and msaccess db , enjoy!” the hacker wrote next to the data dump.

The Pastebin post doesn’t name the site from which the data was leaked, but the hacker provided us with the IP address associated with it. That IP address led us to a Software Engineering Services site on which only “eligible users” may register.

We couldn’t reach the hacker for further comment, but he told us on a different occasion that the names of such sites would not be disclosed to the public to prevent “script kiddiez” from breaching them.

We have sent an email to the webmaster of the site in question notifying him of the incident, but so far we haven’t received any response.

Black Jester is known in the hacker community as the one who wanted to help the United Nations patch up a couple of its public websites. Instead of doing what most security researchers do in this situation and sending an email, he went down to their offices in person.

His other hacks, which he claims are unrelated to the UN incident, targeted NASA and a Qwest datacenter, whose servers he held hostage to force the company to patch the vulnerabilities.

Credit: Softpedia.com News

US Security Firm Stratfor Hit By ‘Anonymous’, Clients Credit Cards And Passwords Stolen

Monday, December 26th, 2011

The hacking group “Anonymous” claimed on Christmas Sunday that it had stolen thousands of credit card numbers and personal information of clients of the U.S.-based security think-tank Stratfor, and pilfered funds that it gave away as Christmas donations to charity.

Anonymous said it stole information from organizations and individuals that were clients of Stratfor, including Apple Inc., the U.S. Air Force and the Miami Police Department. They said they obtained more than 4,000 credit card numbers, passwords and home addresses. Some clients of Stratfor have confirmed unauthorized transactions linked to their credit cards.

Stratfor is a company providing services to help clients manage risk. The company charges subscribers for the reports and analysis it issues. The company’s main website was down on Sunday with the message: “site is currently undergoing maintenance.” Most of the victims were individual subscribers rather than companies and government agencies. Anonymous taunted Stratfor in a Twitter message, saying: “Not so private and secret anymore?” The group promised that Stratfor was only the beginning of attacks to come.

Anonymous claims that it was able to steal as much as 200 gigabytes of information from Stratfor because Stratfor did not bother to encrypt it. This revelation, if true, is a serious indictment of a company in the security services business. The hackers published a list of what they claimed was Stratfor’s client list and tweeted a link to encrypted files with stolen names, phone numbers, email addresses, credit card and account details. The hackers claimed that the information they have published so far is only a small part of what they stole from Stratfor.

PC Magazine reports that besides using the stolen funds for donations to charity, the attackers said they were also hoping to use the incident to draw attention to the case of Pfc. Bradley Manning of the U.S. Army, who is on trial over alleged involvement in the leak of hundreds of thousands of confidential military documents. A statement that claimed to be from the hackers said: “We hereby ask that Bradley Manning be given a delicious meal this Lulzxmas, and no, not the ‘holiday special’ in the prison chow hall. We want him out on the streets at a fancy restaurant of his choosing, and we want this to happen in less than five hours.”

values greatly. This hack is most definitely not the work of Anonymous.”

Huffington Post said that credit card owners whose cards have been hacked may contact the credit card company to dispute the charges. A member of Anonymous said on Twitter that 90,000 credit cards from law enforcement, the intelligence community and journalists have been hacked and used to “steal a million dollars” for charity donations. The statement mentioned “corporate/exec accounts of people like Fox” News. But Huffington Post reports it was not possible to verify the claims.

Credit: DigitalJournal.com

Ultimate Bet Players Accounts Compromised, 3.5 Million Records Freely Available Online For Weeks Still In Google Cache

Tuesday, December 6th, 2011

In a breach of security at Ultimate Bet, information from every player’s account has been publicly posted on the internet, revealing personal information of approximately 3.5 million poker players holding accounts at the nearly-dead poker site.

A popular poker forum website posted a link to the account information via an anonymous posting, but removed the link roughly eight minutes later. In that short span of time, enough people identified the link and apparently passed the information around privately.

The data leaked from the accounts included each player’s name and screen name; birth date; email, mailing and IP addresses; phone number; deposit methods typically used; VIP, affiliate and blacklist statuses; account balance; and players’ UB account numbers, but not bank account numbers as far as we know.

The data listed was organized by specific countries, with about 2 million accounts from the U.S., 319,000 Canadian accounts, 137,000 United Kingdom accounts, and approximately 1 million accounts from all other countries combined. The data contained more than a dozen other columns which were not clearly identifiable. The unidentifiable columns were not labeled and contained inconsistent information. For example, one column that listed IP addresses also contained physical addresses and another column listing screen names for some users contained account numbers for different users.

The data is still partially available in Google cache. [Screenshot: files organized by country]

[Screenshot: one of the files showing details in XLS format in Google cache]

Financial information of each player, excluding account balances and deposit methods, was not listed. And no personal credit card numbers were shown either. It is not known who leaked the account information or the reason why.

Ultimate Bet and Absolute Poker, which together make up the Cereus Network and were the third largest internet poker network prior to Black Friday, have been virtually defunct since the U.S. Department of Justice’s actions in mid-April that seized their domains and much of their assets and indicted the company’s principals. Since that time, most of the poker room’s players haven’t been able to cash out, while some overseas non-U.S. players have been able to withdraw small amounts sporadically. In mid-June, it was reported that both poker sites combined had only approximately ten percent of the funds owed to players, said to be $54 million. Toward the end of October, the Kahnawake Gaming Commission, which issued the operator’s license to the Cereus Network, announced that the company’s owners were planning to liquidate assets to reimburse players with money in their account balances at the sites. However, the company’s full assets are not known.

The data leaked on the internet was exclusive to Ultimate Bet players and did not include Absolute Poker players. Ultimate Bet players with valid accounts on the site should assume that their personal account information may have gotten into the wrong hands and be wary of suspicious phone calls or emails. Account holders would also do well to ensure that the passwords for their email addresses and their logins to other accounts are sufficiently strong to ward off identity theft or fraudulent activity.

Various players at the Cereus Network have reported the inability to join real money sit-n-go tables the last two days. It is possible to log onto the network, but attempting to join a sit-n-go table results in nothing happening. There are a couple players listed as sitting at sit-n-go tables waiting for more players, but these are believed to be props. At the time of this writing, there was only one real money table in action, a $.01/.02 no-limit hold’em table with an average pot of $.44. At the lone table, 57% of players were seeing the flop and 120 hands were being played per hour. However, play money tables are quite populated and going strong.

Credit: PokerNewsReport.com

Restaurant Depot, Jetro Cash & Carry Processing System Compromised, Credit Cards Sold On Russian Blackmarket

Tuesday, December 6th, 2011

If you used a credit card between the dates of Sept. 21 and Nov. 18th at national restaurant wholesalers Restaurant Depot or Jetro Cash & Carry, then you should probably know that Russian cyberthugs wearing leather blazers and gold chains and stinking of Armani Aqua di Gio are currently selling your information on the black market.

The following is an excerpt of the letter currently being sent to all customers deemed to be at risk:

“We recently determined that computer hackers stole credit and debit card information from the card processing system we use…”

“You are receiving this letter because we believe your credit or debit card information was stolen. This letter explains actions we have taken in response to the theft and describes some actions you can take to protect yourself against fraud.”

“How the thieves stole the card information — The investigators determined that the thieves inserted malicious software or ‘malware’ into the credit and debit card processing systems we use in our stores. The malware collected card information as it was processed, stored it temporarily, and then sent it to a computer server in Russia.”

If you’re wondering if you’ve ever shopped at a Restaurant Depot but aren’t quite sure, run through this simple checklist:

1. Do I regularly purchase kitchen items like bacon and mayonnaise in bulk?
If you answered NO, please skip to step 5.
If you answered YES, continue to:

2. Do I belong to Restaurant Depot?
If you answered NO, please skip to step 5.
If you answered YES, continue to:

3. Have I noticed any strange charges on my accounts lately, say, for one dozen lynx fur jackets with fox trim?
If you answered NO, please skip to step 5.
If you answered YES, continue to:

4. You MAY be at risk for credit card fraud. Please contact your credit card company immediately.

5. You are NOT at risk for credit card fraud. Continue gorging yourself on bacon and mayonnaise in sensible quantities, free from worry.

Credit: Gawker.com

InternationalCheckout.com Database Hacked, Customers Credit Cards Abused

Tuesday, December 6th, 2011

International Checkout customers began receiving emails alerting them that the organization has recently fallen victim to a cyberattack which resulted in the theft of a large quantity of personal information, including credit card details.

“International Checkout was recently the victim of a system intruder who was able to access encrypted credit card information,” reads the email provided by SpywareSucks.

“You are receiving this email from International Checkout because your credit card information was in the database which was compromised.”

It seems the breach was discovered sometime in mid-September and an investigation immediately commenced. Besides notifying the authorities of the issue, the company removed the credit card information from the databases to make sure no one still had access to it.

Even though the information was encrypted, the attacker managed to obtain the encryption key that was stored in a separate location.

“As a precaution, International Checkout is providing notification to people whose information may have been in the database that was accessed so that if it turns out the information was compromised in any way, they can take the appropriate measures to protect themselves,” the notification adds.

The company is advising customers to closely monitor their bank account statements for any suspicious transactions. Bank account numbers were not exposed, but credit card numbers were, and in some situations the financial institutions involved may even recommend changing the account number.

An important thing customers should know is that they will not be contacted directly by International Checkout unless they call the company first. The company warns that some might exploit the situation by calling customers and pretending to represent the firm in order to request sensitive information.

“We will not call you to ask for bank account information or personal identification numbers (PINs) or for your full credit card or social security number.”

Unfortunately, a lot of companies are on International Checkout’s partner list so the number of potential victims is high and people are already starting to complain about abusive transactions made with their credit cards. Some of the websites listed on http://www.internationalcheckoutsolutions.com/merchant-partners.php include TahoeMountainSports.com, MoreschiShoes.com, LaurenKlein.com, SofiaBean.com, EnvyCig.com, WTeaShop.com, PromoStadium.com, PTTechSolutions.com, ViveDecor.com, HUFWorldwide.com, SavingLots.com, MGallerie.com, Audioque.com, LuckyTeria.com, FrankliWild.com, Vivarati.com, BuyRailings.com, RackMountSales.com.

Credit: Softpedia.com News

Numerous Defense And Chemical Firms Targeted In Industrial Espionage Campaign

Monday, October 31st, 2011

Dozens of companies in the defense and chemical industries have been targeted in an industrial espionage campaign that steals confidential data from computers infected with malware, researchers from Symantec said.

At least 29 companies involved in the research, development, and manufacture of chemicals and an additional 19 firms in defense and other industries have been attacked since the middle of July, Symantec researchers wrote in the report released Monday. The unknown attackers used backdoor trojans, including a variant of the publicly available Poison Ivy, to exfiltrate data from victims, including multiple Fortune 100 companies involved in the research and development of chemical compounds and advanced materials.

“These attacks are primarily targeting private industry in search of key intellectual property for competitive advantage, military institutions, and governmental organizations often in search of documents related to current political events and human rights organizations,” the eight-page Symantec report stated. “This attack campaign focused on the chemical sector with the goal of obtaining sensitive documents such as proprietary designs, formulas, and manufacturing processes.”

The campaign, which the Symantec researchers have dubbed “Nitro,” wasn’t disrupted until the middle of September.

The majority of infected machines found connecting to command and control servers were located in the US, Bangladesh, and the UK. Other infected computers came from an additional 17 countries, including Argentina, Singapore, and China.

Some of the attacks have been traced to a computer, operated as a virtual private server, belonging to an individual located in the Hebei region of China. While a person calling himself Covert Grove claimed he used the system for legitimate reasons, the researchers said his denial seemed “suspicious.”

“We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role,” they wrote. “Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties.”

The attacks typically begin with emails purporting to come from the recipient’s IT department and warning of unpatched vulnerabilities in the Adobe Reader program. When the recipient opens one of the two files included, Poison Ivy or Backdoor.0divy is installed. Security provider Norman ASA has technical information about the malicious payloads at blogs.norman.com.

Several other groups that appear to be unrelated are targeting some of the same chemical companies with malicious documents that exploit vulnerabilities in Adobe Reader and Microsoft Office. As a result, the victims are infected with Backdoor.Sogu, the same custom-developed threat used to steal personal information from as many as 35 million users of a South Korean social network, the Symantec researchers said.

Credit: The Register

Data From 56 Law Enforcement Agencies Stolen By Antisec, 10GBs Of Emails From 300 Accounts Posted Online

Saturday, August 6th, 2011

Hackers associated with Anonymous’ Operation Antisec have leaked a massive cache of personal records, email messages and confidential documents belonging to law enforcement agencies.

The data was obtained recently when the group hacked into a server housing 77 websites belonging to county sheriff offices and other local law enforcement organizations.

The leak has been posted on ThePirateBay and also mirrored on a website accessible only over the Tor anonymity network. It consists of 10GB worth of emails taken from 300 email accounts maintained by 56 law enforcement agencies. The personal information of over 7,000 people, including police officers, inmates and informants, is also included, as are confidential police reports.

The public availability of this data puts many people at risk of physical harm, but the hacktivists make it clear that they don’t care. “We have no sympathy for any of the officers or informants who may be endangered by the release of their personal information,” they write in their release announcement.

“For too long they have been using and abusing our personal information, spying on us, arresting us, beating us, and thinking that they can get away with oppressing us in secrecy. Well it’s retribution time,” they add.

The AntiSec supporters claim they were amused by the statements of various law enforcement officials who downplayed the security breach after it was announced earlier this week.

The leak is also in support of Topiary and other Anonymous supporters arrested recently in the US and abroad. “You may bust a few of us, but we greatly outnumber you, and you can never stop us from continuing to destroy your systems and leak your data,” the hackers warn.

The message of this massive leak is clear. Antisec hackers are at war with both the intelligence community and law enforcement agencies, and there’s no end in sight to this conflict. Neither side is likely to back down.

Credit: Softpedia.com News

US Government Contractor ManTech Hacked, Confidential Documents Stolen And Posted Online

Saturday, July 30th, 2011

Anonymous has published around 400 MB of confidential documents involving ManTech, a large federal contractor which provides IT solutions to many government departments.

The hacktivist collective announced plans to release the files yesterday and even posted some teaser samples to prove it means business. The full archive was eventually released in true Anonymous style, with a press release on Pastebin and a torrent on ThePirateBay.

“Today is Friday and we will be following the tradition of humiliating our friends from the FBI once again. This time we hit one of their biggest contractors for cyber security: Mantech International Corporation,” the group writes.

However, while it tries to focus on ManTech’s connection with the FBI, the leaked files are actually contracts and other documents related to the company’s dealings with NATO.

The group does claim that it “pwned ManTech utterly and thoroughly,” but this doesn’t necessarily mean that it hacked into ManTech’s own network or systems. In fact, Anonymous let it slip yesterday that these files are from an earlier compromise of NATO servers.

“We’ll release about 500 megabyte of this [expletive] by today. A real fun #FFF. And yes , NATO, this was your leak. Expected us? #AntiSec #FFFriday,” the group tweeted yesterday.

The hacktivists even mention this in the press release associated with the leak. “Most of the documents in this first batch are related to NATO who, you may recall, made some bold claims regarding Anonymous earlier this year,” they write.

ManTech has responded to the incident with a statement on its website, but didn’t say whether the breach originated on its network or somewhere else. “ManTech takes seriously recent reports of a cyber threat, and we responsibly and actively address all sources of information about threats to our information and assets and those of our customers,” the company wrote.

But regardless of the source of the leaked documents, the fact that the confidential contracts of yet another company supplying technology to the government were exposed does not help taxpayer confidence at all. This is the sixth government contractor targeted as part of Anonymous’ Operation AntiSec.

Credit: Softpedia.com News

U.S. Military Contractor Booz Allen Hamilton Hacked, Emails And Sensitive Data Exposed

Tuesday, July 12th, 2011

Hackers affiliated with the Anonymous collective and its Antisec campaign have hacked into computer systems belonging to U.S. military contractor Booz Allen Hamilton and leaked sensitive data found inside.

The hackers described the attack in the description of a torrent posted on ThePirateBay which also contains a list of 90,000 email addresses belonging to military personnel together with crackable password hashes.

“We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty,” the hackers write.

In addition to the email addresses, the attackers also included an SQL dump of the database and additional data found on other internal servers they were able to access.

Four gigabytes of source code were allegedly copied from the company’s SVN server, whose contents were wiped clean afterwards. The code is not included in the torrent.

Booz Allen Hamilton declined to comment. “As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our systems,” the company wrote on Twitter.

The hackers claim that the compromise provided them with the access keys for other government related targets which they plan to hit in the future.

The security breach and data leak raise serious concerns because of the nature of the information involved. First of all, it’s probably not average soldiers who have accounts with Booz Allen Hamilton, but ranking officers, particularly those dealing with intelligence.

The fact that the hashes were generated with the SHA-1 algorithm and are not salted makes them susceptible to brute-force cracking attempts, especially if the original passwords were not strong to begin with: every user who chose the same password gets the same hash, and a single precomputed table of common passwords can be matched against the whole dump at once.

But even if the access codes don’t get cracked or if they weren’t used anywhere else except Booz Allen Hamilton, there is still the risk of targeted email attacks.
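The two weaknesses described above, shown side by side in an added example that is not code from the original article or from any of the parties involved: an unsalted SHA-1 store lets an auditor (or anyone holding the dump) spot users sharing a password and match hashes against a precomputed table of common passwords, while a per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256 here) removes both properties. The users, passwords and wordlist are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; nothing here comes from the actual leak.
USERS = {
    "alice@example.mil": "Summer2011",
    "bob@example.mil": "Summer2011",           # same password as alice
    "carol@example.mil": "correct-horse-battery-staple-2011",
}

# Constructed list of commonly chosen passwords, as a defender's audit wordlist.
COMMON_PASSWORDS = ["password", "123456", "Summer2011", "letmein"]


def unsalted_sha1(password: str) -> str:
    """The weak scheme from the article: bare SHA-1 over the password."""
    return hashlib.sha1(password.encode()).hexdigest()


def unsalted_store(users: dict) -> dict:
    return {user: unsalted_sha1(pw) for user, pw in users.items()}


def salted_pbkdf2(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def salted_store(users: dict) -> dict:
    # A fresh 16-byte salt per user, so equal passwords give unequal records.
    return {user: salted_pbkdf2(pw, os.urandom(16)) for user, pw in users.items()}


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    scheme, iters, salt_hex, dk_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unexpected hash scheme")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def shared_password_groups(store: dict) -> list:
    """Groups of users whose stored records are identical.

    With unsalted hashes this directly reveals who shares a password;
    with per-user salts the groups are always empty."""
    by_record = {}
    for user, record in store.items():
        by_record.setdefault(record, []).append(user)
    return sorted(sorted(g) for g in by_record.values() if len(g) > 1)


def common_password_hits(store: dict, wordlist) -> dict:
    """Audit an unsalted SHA-1 store against a precomputed table of common
    passwords: one table serves every user in the dump."""
    table = {unsalted_sha1(pw): pw for pw in wordlist}
    return {user: table[h] for user, h in store.items() if h in table}


if __name__ == "__main__":
    weak = unsalted_store(USERS)
    print("shared passwords (unsalted):", shared_password_groups(weak))
    print("common-password hits:", common_password_hits(weak, COMMON_PASSWORDS))
    strong = salted_store(USERS)
    print("shared passwords (salted):", shared_password_groups(strong))
    print("verify alice:", verify_pbkdf2("Summer2011", strong["alice@example.mil"]))
```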

Credit: Softpedia.com News

Fox News Twitter Account Hijacked, Reports Obama’s Assassination

Monday, July 4th, 2011

The FOX News Politics Twitter account has been hijacked and used to post fake reports about president Obama being assassinated.

The attack began with a message from the hacker that ironically said: “Just regained full access to our Twitter and email. Happy 4th.” Soon afterwards, the first Obama announcement was posted claiming that “@BarackObama has just passed. The President is dead. A sad 4th of July, indeed. President Barack Obama is dead.”

In the tweets that followed, the person controlling the Fox account claimed the president was shot two times, in the lower pelvic area and in the neck, while campaigning at a restaurant in Iowa.

“We wish @joebiden the best of luck as our new President of the United States. In such a time of madness, there’s light at the end of tunnel,” the hijacker tweeted.

The compromised @foxnewspolitics account bears Twitter’s verified mark. It has around 33,500 followers and is included on nearly 2,000 lists.

The messages stopped within an hour. It’s not clear whether Fox has regained access to the account, but the rogue posts haven’t been removed and there has been no statement from the network regarding the incident.

This is not the first time that Fox has been targeted by hackers or that one of its Twitter accounts has been hijacked. Back in January 2009, thirty-three high-profile Twitter accounts, including that of Fox News, were hijacked and used to spread fake information. Fox’s account in particular was used to make comments about Bill O’Reilly’s sexual orientation.

More recently, the now-defunct hacking outfit Lulzsec broke into several Fox computer systems and leaked the personal information and email passwords of its employees. The attack came after the same group leaked a database containing the personal information of X-Factor auditionees.

Credit: Softpedia.com News